South Korea-based Zcall Delivery Android apps are leaking delivery information, plaintext passwords, and financial information.

2 votes and 0 comments so far on Reddit

We found a new Mirai variant we’ve called Yowai and Gafgyt variant Hakai abusing a ThinkPHP flaw for propagation and DDoS attacks.

0 votes and 0 comments so far on Reddit

This is Worth Trying Out — An Open Source Project for Security Analytics with Snowflake

Steganography Steganography is hiding a file or a message inside of another file , there are many fun steganography CTF challenges out there where the flag is hidden in an image , audio file or even other types of files. Here is a list of the most tools I…

A few weeks back, I and a friend of mine were discussing web frameworks and how he claimed to have made an ‘Impossible to Bypass’ login…

MOSP - Create, edit and share JSON objects

Using this a little article, you can find an interesting security thing in content-disposition in file download and upload time.

The attack consists in 'guessing' the passwords of some dailymotion accounts by automatically trying a large number of combinations.

In this post I explore the uses and limitations of the “perimeter” metaphor and look at the impact from the growth of OSINT in recent…

Along the years, I've been influenced by many great minds on how to do research. I thought I would paste a few of their advice here.
Disregard.
That advice from Feynman’s Breakthrough, Disregard Others!
was really useful to me as I realized that I HAD to…

Back in March 2018, I embarked on an arguably pointless crusade to prove that the TrustedToAuthForDelegation attribute was meaningless, and that “protocol transition” can be achieved without it. I believed that security wise, once constrained delegation was…

13 votes and 35 comments so far on Reddit

On Friday, January 25, 2019, our honeypots detected opportunistic scanning activity from multiple hosts targeting Cisco Small Business RV320 and RV325 routers. A vulnerability exists in these route…

分享奇虎360公司的技术，与安全的互联网共同成长。

I’ve been doing InfoSec stuff for ~20 years now (warning: time sneaks up on you!) and every 3–5 years I discover a better understanding of…

1 vote and 0 comments so far on Reddit

AZORult attackers continue to adjust tactics to increase the chances that they’ll evade detection. This malware is a common information stealer, capable of exfiltrating a wide range of sensitive artifacts from an endpoint, including files, cached passwords…

This post on AWS role enumeration demonstrations a new IAM vulnerability in Amazon Web Services. Attackers can use account roles in larger cloud attacks.

Local Exploitation of WCF Services within ZoneAlarm Anti-Virus Software to Escalate Privileges General Overview Illumant has discovered a critical vulnerability in Check Point’s ZoneAlarm anti-virus software. This vulnerability allows a low-privileged user…